This Privacy Policy describes how Aequitas, a subdivision of TRIJ Ventures, Inc. d/b/a Kronos Health (“Aequitas,” “we,” “us”), collects, uses, and protects information in connection with the Aequitas legal and medical reporting platform (the “Service”). Because the Service is used to process protected health information (PHI) on behalf of covered entities and their business associates, our handling of PHI is also governed by the applicable Business Associate Agreement (BAA), which controls in the event of any conflict with this policy.
1. Information we process
We process the following categories of information:
- Account information — names, work email addresses, and role for users we provision (physicians, firm and carrier staff).
- Case content — uploaded records, exam transcripts, and report drafts, which may contain PHI relating to injured workers.
- Audit and usage data — logs of access, edits, permission grants, and signatures used to maintain the audit trail and secure the Service.
2. How we use information
We use information to provide and secure the Service, including to:
- OCR records, generate report drafts, and produce exports at the direction of authorized users.
- Enforce per-case access permissions and maintain the append-only audit trail.
- Diagnose issues, prevent abuse, and meet legal and contractual obligations.
We do not sell personal information or PHI, and we do not use PHI for advertising.
3. How we protect information
We implement administrative, technical, and physical safeguards designed to protect information, including encryption of PHI in transit and at rest, least-privilege access controls, per-case permissioning, and append-only audit logging. No method of transmission or storage is perfectly secure, but we work to align our controls with applicable obligations.
4. Sharing
We share information only as needed to operate the Service — for example, with infrastructure and AI subprocessors operating under appropriate agreements — or as required by law. PHI is shared with counsel and other parties only as directed through the Service’s per-case permission controls.
5. Retention
We retain case content and account information for as long as needed to provide the Service or as directed by the applicable covered entity, and as required by law and the BAA. Audit records may be retained longer to preserve defensibility.
6. Your rights
Rights regarding PHI are generally exercised through the relevant covered entity. For other personal information, you may contact us to request access or correction, subject to applicable law.
7. Contact
Questions about this policy can be directed to aequitas@kronosgroup.health.